Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-862 (授权机制缺失) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (授权机制缺失). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2023-51515 WordPress Uncode Core plugin <= 2.8.8 - Privilege Escalation vulnerability — Uncode Core 8.8 High2024-04-12
CVE-2023-51499 WordPress WooCommerce Shipping Per Product plugin <= 2.5.4 - Broken Access Control vulnerability — WooCommerce Shipping Per Product 4.3 Medium2024-04-12
CVE-2023-52211 WordPress WP Job Manager plugin <= 2.0.0 - Broken Access Control vulnerability — WP Job Manager 5.3 Medium2024-04-12
CVE-2023-32295 WordPress Easy!Appointments plugin <= 1.3.3 - Arbitrary File Deletion vulnerability — Easy!Appointments 6.3 Medium2024-04-11
CVE-2024-31997 XWiki Platform remote code execution from account through UIExtension parameters — xwiki-platform 10.0 Critical2024-04-10
CVE-2024-31987 XWiki Platform remote code execution from account via custom skins support — xwiki-platform 10.0 Critical2024-04-10
CVE-2024-31983 XWiki Platform: Remote code execution from edit in multilingual wikis via translations — xwiki-platform 10.0 Critical2024-04-10
CVE-2024-31981 XWiki Platform: Privilege escalation (PR) from user registration through PDFClass — xwiki-platform 10.0 Critical2024-04-10
CVE-2024-31242 WordPress Bricksforge plugin <= 2.0.17 - Unauthenticated Arbitrary Email Sending vulnerability — Bricksforge 5.3 Medium2024-04-10
CVE-2024-31230 WordPress ShortPixel Adaptive Images plugin <= 3.8.2 - Broken Access Control vulnerability — ShortPixel Adaptive Images 5.3 Medium2024-04-10
CVE-2024-31342 WordPress Gallery Exporter plugin <= 1.3 - Arbitrary File Download vulnerability — WordPress Gallery Exporter 6.5 Medium2024-04-10
CVE-2024-31343 WordPress MP3 Audio Player for Music, Radio & Podcast by Sonaar plugin <= 4.10.1 - Arbitrary File Download vulnerability — MP3 Audio Player for Music, Radio & Podcast by Sonaar 7.5 High2024-04-10
CVE-2024-31297 WordPress Wholesale For WooCommerce plugin <= 2.3.1 - Unauthenticated Arbitrary Post/Page vulnerability — Wholesale For WooCommerce 7.5 High2024-04-10
CVE-2024-31358 WordPress 5 Stars Rating Funnel plugin <= 1.2.67 - Arbitrary Content Deletion vulnerability — 5 Stars Rating Funnel 7.5 High2024-04-10
CVE-2024-1042 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions — WP Radio – Worldwide Online Radio Stations Directory for WordPress 6.4 Medium2024-04-10
CVE-2024-3235 Essential Grid <= 3.1.1 - Unauthenticated Private Post Disclosure — Essential Grid Gallery WordPress Plugin 5.3 Medium2024-04-10
CVE-2024-1041 WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings — WP Radio – Worldwide Online Radio Stations Directory for WordPress 6.4 Medium2024-04-10
CVE-2024-1352 Classified Listing – Classified ads & Business Directory Plugin <= 3.0.4 - Missing Authorization — Classified Listing – AI-Powered Classified ads & Business Directory Plugin 6.5 Medium2024-04-09
CVE-2024-3213 Relevanssi – A Better Search <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update — Relevanssi Premium 5.3 Medium2024-04-09
CVE-2024-1984 Graphene <= 2.9.2 - Missing Authorization — Graphene 5.3 Medium2024-04-09
CVE-2023-6965 Pods - Custom Content Types and Fields - Missing Authorization — Pods – Custom Content Types and Fields 4.3 Medium2024-04-09
CVE-2024-1587 Newsmatic <= 1.3.4 - Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content — Newsmatic 5.3 Medium2024-04-09
CVE-2024-2222 Advanced Classifieds & Directory Pro <= 3.0.0 - Missing Authorization to Arbitrary Attachment Deletion — Advanced Classifieds & Directory Pro 4.3 Medium2024-04-09
CVE-2024-1387 Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure — Happy Addons for Elementor 4.3 Medium2024-04-09
CVE-2024-1934 WP Compress – Image Optimizer <= 6.11.08 - Missing Authorization to Unauthenticated CDN Modification — WP Compress – Instant Performance & Speed Optimization 7.5 High2024-04-09
CVE-2024-1991 RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login <= 5.3.0.0 - Authenticated (Subscriber+) Privilege Escalation — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login 8.8 High2024-04-09
CVE-2024-3097 WordPress Gallery Plugin – NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure — Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery 5.3 Medium2024-04-09
CVE-2024-1850 AI Post Generator | AutoWriter <= 3.3 - Missing Authorization — AI Post Generator | AutoWriter 6.3 Medium2024-04-09
CVE-2024-1904 MasterStudy LMS <= 3.2.13 - Missing Authorization to Sensitive Information Exposure in search_posts — MasterStudy LMS WordPress Plugin – for Online Courses and Education 4.3 Medium2024-04-09
CVE-2024-1637 360 Javascript Viewer <= 1.7.12 - Missing Authorization to Plugin Settings Update — 360 Javascript Viewer 4.3 Medium2024-04-09

Vulnerabilities classified as CWE-862 (授权机制缺失) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.